Lines 31-36
|
31 |
#define get_string(lenp) buffer_get_string(&iqueue, lenp); |
31 |
#define get_string(lenp) buffer_get_string(&iqueue, lenp); |
32 |
#define TRACE debug |
32 |
#define TRACE debug |
33 |
|
33 |
|
|
|
34 |
/* SFTP_UMASK */ |
35 |
static mode_t setumask = 0; |
36 |
|
37 |
static int permit_chmod = 1; |
38 |
static int permit_chown = 1; |
39 |
static int permit_logging = 0; |
40 |
|
34 |
extern char *__progname; |
41 |
extern char *__progname; |
35 |
|
42 |
|
36 |
/* input and output queue */ |
43 |
/* input and output queue */ |
Lines 381-386
|
381 |
a = get_attrib(); |
388 |
a = get_attrib(); |
382 |
flags = flags_from_portable(pflags); |
389 |
flags = flags_from_portable(pflags); |
383 |
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; |
390 |
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666; |
|
|
391 |
|
392 |
if (setumask != 0) { |
393 |
if ( permit_logging == 1 ) |
394 |
logit("setting file creation mode to 0666 and umask to %o", setumask); |
395 |
mode = 0666; |
396 |
umask(setumask); |
397 |
} |
398 |
|
384 |
TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); |
399 |
TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode); |
385 |
fd = open(name, flags, mode); |
400 |
fd = open(name, flags, mode); |
386 |
if (fd < 0) { |
401 |
if (fd < 0) { |
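Review bot: When `setumask` is non-zero, the added block discards the mode the client requested on the line above and forces `mode = 0666;`, so a client that asks for a restrictive mode gets a more permissive file; with a umask of 022 (constructed example) a request for 0600 yields 0644. If the goal is only to enforce a umask, drop `mode = 0666;` and let the umask narrow whatever the client asked for. `umask()` is process-wide, so `umask(setumask);` could be called once at start-up rather than on every open. The mkdir hunk (Lines 770-778) has the same pattern with `mode = 0777;`. The enclosing function starts and ends outside this hunk.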
Lines 394-399
|
394 |
status = SSH2_FX_OK; |
409 |
status = SSH2_FX_OK; |
395 |
} |
410 |
} |
396 |
} |
411 |
} |
|
|
412 |
if ( permit_logging == 1 ) |
413 |
logit("open %s", name); |
397 |
if (status != SSH2_FX_OK) |
414 |
if (status != SSH2_FX_OK) |
398 |
send_status(id, status); |
415 |
send_status(id, status); |
399 |
xfree(name); |
416 |
xfree(name); |
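Review bot: The added `logit("open %s", name);` runs whether or not the open succeeded, so the audit trail cannot distinguish a completed operation from a failed or denied one. `status` is already computed at this point, so it can be recorded, e.g. `logit("open %s status %d", name, status);`. The other path-logging hunks (opendir, remove, mkdir, rmdir, realpath, readlink, rename, symlink) log regardless of outcome in the same way. `name` comes from the client, so confirm that `logit` escapes control characters before the string reaches syslog; that is not visible on this page.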
Lines 430-435
|
430 |
(u_int64_t)off, len); |
447 |
(u_int64_t)off, len); |
431 |
if (len > sizeof buf) { |
448 |
if (len > sizeof buf) { |
432 |
len = sizeof buf; |
449 |
len = sizeof buf; |
|
|
450 |
if ( permit_logging == 1 ) |
433 |
logit("read change len %d", len); |
451 |
logit("read change len %d", len); |
434 |
} |
452 |
} |
435 |
fd = handle_to_fd(handle); |
453 |
fd = handle_to_fd(handle); |
Lines 449-454
|
449 |
} |
467 |
} |
450 |
} |
468 |
} |
451 |
} |
469 |
} |
|
|
470 |
if ( permit_logging == 1 ) |
471 |
logit("reading file"); |
452 |
if (status != SSH2_FX_OK) |
472 |
if (status != SSH2_FX_OK) |
453 |
send_status(id, status); |
473 |
send_status(id, status); |
454 |
} |
474 |
} |
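Review bot: `logit("reading file");` is emitted for every read request and names neither the handle nor the file, so one transfer produces a long run of identical syslog lines that carry no audit value and can crowd out other entries. Either log once per handle (at open and close), or move this to the debug level, e.g. `debug("read id %u", id);`. The write hunk (Lines 483-492) adds the same per-request `logit("writing file");`. The function body starts outside this hunk.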
Lines 483-492
|
483 |
} else if (ret == len) { |
503 |
} else if (ret == len) { |
484 |
status = SSH2_FX_OK; |
504 |
status = SSH2_FX_OK; |
485 |
} else { |
505 |
} else { |
|
|
506 |
if ( permit_logging == 1 ) |
486 |
logit("nothing at all written"); |
507 |
logit("nothing at all written"); |
487 |
} |
508 |
} |
488 |
} |
509 |
} |
489 |
} |
510 |
} |
|
|
511 |
if ( permit_logging == 1 ) |
512 |
logit("writing file"); |
490 |
send_status(id, status); |
513 |
send_status(id, status); |
491 |
xfree(data); |
514 |
xfree(data); |
492 |
} |
515 |
} |
Lines 579-602
|
579 |
a = get_attrib(); |
602 |
a = get_attrib(); |
580 |
TRACE("setstat id %u name %s", id, name); |
603 |
TRACE("setstat id %u name %s", id, name); |
581 |
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { |
604 |
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { |
|
|
605 |
if ( permit_logging == 1 ) |
606 |
logit("process_setstat: truncate"); |
582 |
ret = truncate(name, a->size); |
607 |
ret = truncate(name, a->size); |
583 |
if (ret == -1) |
608 |
if (ret == -1) |
584 |
status = errno_to_portable(errno); |
609 |
status = errno_to_portable(errno); |
585 |
} |
610 |
} |
586 |
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { |
611 |
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { |
587 |
ret = chmod(name, a->perm & 0777); |
612 |
if (permit_chmod == 1) { |
588 |
if (ret == -1) |
613 |
ret = chmod(name, a->perm & 0777); |
589 |
status = errno_to_portable(errno); |
614 |
if (ret == -1) |
|
|
615 |
status = errno_to_portable(errno); |
616 |
else |
617 |
if ( permit_logging == 1 ) |
618 |
logit("chmod'ed %s", name); |
619 |
} else { |
620 |
status = SSH2_FX_PERMISSION_DENIED; |
621 |
if ( permit_logging == 1 ) |
622 |
logit("chmod %s: operation prohibited by sftp-server configuration.", name); |
623 |
} |
590 |
} |
624 |
} |
591 |
if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { |
625 |
if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { |
|
|
626 |
if ( permit_logging == 1 ) |
627 |
logit("process_setstat: utimes"); |
592 |
ret = utimes(name, attrib_to_tv(a)); |
628 |
ret = utimes(name, attrib_to_tv(a)); |
593 |
if (ret == -1) |
629 |
if (ret == -1) |
594 |
status = errno_to_portable(errno); |
630 |
status = errno_to_portable(errno); |
595 |
} |
631 |
} |
596 |
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { |
632 |
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { |
597 |
ret = chown(name, a->uid, a->gid); |
633 |
if (permit_chown == 1) { |
598 |
if (ret == -1) |
634 |
ret = chown(name, a->uid, a->gid); |
599 |
status = errno_to_portable(errno); |
635 |
if (ret == -1) |
|
|
636 |
status = errno_to_portable(errno); |
637 |
else |
638 |
if ( permit_logging == 1 ) |
639 |
logit("chown'ed %s.", name); |
640 |
} else { |
641 |
status = SSH2_FX_PERMISSION_DENIED; |
642 |
if ( permit_logging == 1 ) |
643 |
logit("chown %s: operation prohibited by sftp-server configuration.", name); |
644 |
} |
600 |
} |
645 |
} |
601 |
send_status(id, status); |
646 |
send_status(id, status); |
602 |
xfree(name); |
647 |
xfree(name); |
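Review bot: The `permit_chmod` check added here (and in the fsetstat hunk) only covers mode changes on existing files; the open and mkdir hunks still pass the client's `a->perm` to `open()`/`mkdir()` whenever `setumask` is 0, so the restriction does not cover the mode of newly created files. If the policy is meant to be complete, either document that `SFTP_UMASK` must be set alongside it or ignore `a->perm` at creation time when `permit_chmod` is 0. Separately, the bare `else` followed by an unbraced `if ( permit_logging == 1 )` is easy to misread next to the outer `if`/`else`; brace it, e.g. `else if (permit_logging == 1) { logit("chmod'ed %s", name); }`. The function starts outside this hunk.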
Lines 611-616
|
611 |
int status = SSH2_FX_OK; |
656 |
int status = SSH2_FX_OK; |
612 |
char *name; |
657 |
char *name; |
613 |
|
658 |
|
|
|
659 |
if ( permit_logging == 1 ) |
660 |
logit("process_fsetstat"); |
661 |
|
614 |
id = get_int(); |
662 |
id = get_int(); |
615 |
handle = get_handle(); |
663 |
handle = get_handle(); |
616 |
a = get_attrib(); |
664 |
a = get_attrib(); |
Lines 621-640
|
621 |
status = SSH2_FX_FAILURE; |
669 |
status = SSH2_FX_FAILURE; |
622 |
} else { |
670 |
} else { |
623 |
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { |
671 |
if (a->flags & SSH2_FILEXFER_ATTR_SIZE) { |
|
|
672 |
if ( permit_logging == 1 ) |
673 |
logit("process_fsetstat: ftruncate"); |
624 |
ret = ftruncate(fd, a->size); |
674 |
ret = ftruncate(fd, a->size); |
625 |
if (ret == -1) |
675 |
if (ret == -1) |
626 |
status = errno_to_portable(errno); |
676 |
status = errno_to_portable(errno); |
627 |
} |
677 |
} |
628 |
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { |
678 |
if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) { |
|
|
679 |
if (permit_chmod == 1) { |
629 |
#ifdef HAVE_FCHMOD |
680 |
#ifdef HAVE_FCHMOD |
630 |
ret = fchmod(fd, a->perm & 0777); |
681 |
ret = fchmod(fd, a->perm & 0777); |
631 |
#else |
682 |
#else |
632 |
ret = chmod(name, a->perm & 0777); |
683 |
ret = chmod(name, a->perm & 0777); |
633 |
#endif |
684 |
#endif |
634 |
if (ret == -1) |
685 |
if (ret == -1) |
635 |
status = errno_to_portable(errno); |
686 |
status = errno_to_portable(errno); |
|
|
687 |
else |
688 |
if ( permit_logging == 1 ) |
689 |
logit("chmod: succeeded."); |
690 |
} else { |
691 |
status = SSH2_FX_PERMISSION_DENIED; |
692 |
if ( permit_logging == 1 ) |
693 |
logit("chmod: operation prohibited by sftp-server configuration."); |
694 |
} |
636 |
} |
695 |
} |
637 |
if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { |
696 |
if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) { |
|
|
697 |
if ( permit_logging == 1 ) |
698 |
logit("process_fsetstat: utimes"); |
638 |
#ifdef HAVE_FUTIMES |
699 |
#ifdef HAVE_FUTIMES |
639 |
ret = futimes(fd, attrib_to_tv(a)); |
700 |
ret = futimes(fd, attrib_to_tv(a)); |
640 |
#else |
701 |
#else |
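Review bot: The fsetstat log lines `"chmod: succeeded."` and `"chmod: operation prohibited by sftp-server configuration."` (and the matching chown lines in the hunk at Lines 644-656) do not say which file was affected, unlike the setstat versions, which log `name`. `name` is used by the `#else` branch here, so it appears to be in scope; if it is set for every valid handle, include it, e.g. `logit("fchmod %s: operation prohibited by sftp-server configuration.", name);`. This hunk ends inside the `#ifdef HAVE_FUTIMES` block, so the rest of the function is not visible.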
Lines 644-656
|
644 |
status = errno_to_portable(errno); |
705 |
status = errno_to_portable(errno); |
645 |
} |
706 |
} |
646 |
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { |
707 |
if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { |
|
|
708 |
if (permit_chown == 1) { |
647 |
#ifdef HAVE_FCHOWN |
709 |
#ifdef HAVE_FCHOWN |
648 |
ret = fchown(fd, a->uid, a->gid); |
710 |
ret = fchown(fd, a->uid, a->gid); |
649 |
#else |
711 |
#else |
650 |
ret = chown(name, a->uid, a->gid); |
712 |
ret = chown(name, a->uid, a->gid); |
651 |
#endif |
713 |
#endif |
652 |
if (ret == -1) |
714 |
if (ret == -1) |
653 |
status = errno_to_portable(errno); |
715 |
status = errno_to_portable(errno); |
|
|
716 |
else |
717 |
if ( permit_logging == 1 ) |
718 |
logit("chown: succeeded"); |
719 |
} else { |
720 |
status = SSH2_FX_PERMISSION_DENIED; |
721 |
if ( permit_logging == 1 ) |
722 |
logit("chown: operation prohibited by sftp-server configuration."); |
723 |
} |
654 |
} |
724 |
} |
655 |
} |
725 |
} |
656 |
send_status(id, status); |
726 |
send_status(id, status); |
Lines 680-685
|
680 |
} |
750 |
} |
681 |
|
751 |
|
682 |
} |
752 |
} |
|
|
753 |
if ( permit_logging == 1 ) |
754 |
logit("opendir %s", path); |
683 |
if (status != SSH2_FX_OK) |
755 |
if (status != SSH2_FX_OK) |
684 |
send_status(id, status); |
756 |
send_status(id, status); |
685 |
xfree(path); |
757 |
xfree(path); |
Lines 753-758
|
753 |
TRACE("remove id %u name %s", id, name); |
825 |
TRACE("remove id %u name %s", id, name); |
754 |
ret = unlink(name); |
826 |
ret = unlink(name); |
755 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
827 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
|
|
828 |
if ( permit_logging == 1 ) |
829 |
logit("remove file %s", name); |
756 |
send_status(id, status); |
830 |
send_status(id, status); |
757 |
xfree(name); |
831 |
xfree(name); |
758 |
} |
832 |
} |
Lines 770-778
|
770 |
a = get_attrib(); |
844 |
a = get_attrib(); |
771 |
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? |
845 |
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? |
772 |
a->perm & 0777 : 0777; |
846 |
a->perm & 0777 : 0777; |
|
|
847 |
|
848 |
if (setumask != 0) { |
849 |
if ( permit_logging == 1 ) |
850 |
logit("setting directory creation mode to 0777 and umask to %o.", setumask); |
851 |
mode = 0777; |
852 |
umask(setumask); |
853 |
} |
854 |
|
773 |
TRACE("mkdir id %u name %s mode 0%o", id, name, mode); |
855 |
TRACE("mkdir id %u name %s mode 0%o", id, name, mode); |
774 |
ret = mkdir(name, mode); |
856 |
ret = mkdir(name, mode); |
775 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
857 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
|
|
858 |
if ( permit_logging == 1 ) |
859 |
logit("mkdir %s", name); |
776 |
send_status(id, status); |
860 |
send_status(id, status); |
777 |
xfree(name); |
861 |
xfree(name); |
778 |
} |
862 |
} |
Lines 789-794
|
789 |
TRACE("rmdir id %u name %s", id, name); |
873 |
TRACE("rmdir id %u name %s", id, name); |
790 |
ret = rmdir(name); |
874 |
ret = rmdir(name); |
791 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
875 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
|
|
876 |
if ( permit_logging == 1 ) |
877 |
logit("rmdir %s", name); |
792 |
send_status(id, status); |
878 |
send_status(id, status); |
793 |
xfree(name); |
879 |
xfree(name); |
794 |
} |
880 |
} |
Lines 815-820
|
815 |
s.name = s.long_name = resolvedname; |
901 |
s.name = s.long_name = resolvedname; |
816 |
send_names(id, 1, &s); |
902 |
send_names(id, 1, &s); |
817 |
} |
903 |
} |
|
|
904 |
if ( permit_logging == 1 ) |
905 |
logit("realpath %s", path); |
818 |
xfree(path); |
906 |
xfree(path); |
819 |
} |
907 |
} |
820 |
|
908 |
|
Lines 870-875
|
870 |
status = SSH2_FX_OK; |
958 |
status = SSH2_FX_OK; |
871 |
} |
959 |
} |
872 |
send_status(id, status); |
960 |
send_status(id, status); |
|
|
961 |
if ( permit_logging == 1 ) |
962 |
logit("rename old %s new %s", oldpath, newpath); |
873 |
xfree(oldpath); |
963 |
xfree(oldpath); |
874 |
xfree(newpath); |
964 |
xfree(newpath); |
875 |
} |
965 |
} |
Lines 895-900
|
895 |
s.name = s.long_name = buf; |
985 |
s.name = s.long_name = buf; |
896 |
send_names(id, 1, &s); |
986 |
send_names(id, 1, &s); |
897 |
} |
987 |
} |
|
|
988 |
if ( permit_logging == 1 ) |
989 |
logit("readlink %s", path); |
898 |
xfree(path); |
990 |
xfree(path); |
899 |
} |
991 |
} |
900 |
|
992 |
|
Lines 913-918
|
913 |
ret = symlink(oldpath, newpath); |
1005 |
ret = symlink(oldpath, newpath); |
914 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
1006 |
status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK; |
915 |
send_status(id, status); |
1007 |
send_status(id, status); |
|
|
1008 |
if ( permit_logging == 1 ) |
1009 |
logit("symlink old %s new %s", oldpath, newpath); |
916 |
xfree(oldpath); |
1010 |
xfree(oldpath); |
917 |
xfree(newpath); |
1011 |
xfree(newpath); |
918 |
} |
1012 |
} |
Lines 1034-1039
|
1034 |
{ |
1128 |
{ |
1035 |
fd_set *rset, *wset; |
1129 |
fd_set *rset, *wset; |
1036 |
int in, out, max; |
1130 |
int in, out, max; |
|
|
1131 |
unsigned int val = 0; |
1132 |
char *umask_env; |
1037 |
ssize_t len, olen, set_size; |
1133 |
ssize_t len, olen, set_size; |
1038 |
|
1134 |
|
1039 |
/* XXX should use getopt */ |
1135 |
/* XXX should use getopt */ |
Lines 1041-1050
|
1041 |
__progname = ssh_get_progname(av[0]); |
1137 |
__progname = ssh_get_progname(av[0]); |
1042 |
handle_init(); |
1138 |
handle_init(); |
1043 |
|
1139 |
|
|
|
1140 |
/* Transaction logging */ |
1141 |
|
1142 |
if (getenv("LOG_SFTP") && atoi(getenv("LOG_SFTP")) == 1) |
1143 |
{ |
1144 |
permit_logging = 1; |
1145 |
log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")), |
1146 |
atoi(getenv("SFTP_LOG_FACILITY")), 0); |
1147 |
} |
1148 |
|
1149 |
|
1044 |
#ifdef DEBUG_SFTP_SERVER |
1150 |
#ifdef DEBUG_SFTP_SERVER |
1045 |
log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); |
1151 |
log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0); |
1046 |
#endif |
1152 |
#endif |
1047 |
|
1153 |
|
|
|
1154 |
if ( permit_logging == 1 ) |
1155 |
logit("Starting sftp-server logging for user %s.", ((getenv("USER")!=NULL) ? getenv("USER") : "$USER==NULL")); |
1156 |
|
1157 |
/* Umask control */ |
1158 |
|
1159 |
umask_env = getenv("SFTP_UMASK"); |
1160 |
while (umask_env && *umask_env && *umask_env >= '0' && *umask_env <= '9') |
1161 |
val = val * 8 + *umask_env++ - '0'; |
1162 |
|
1163 |
if (!umask_env || *umask_env || val > 0777 || val == 0) { |
1164 |
if ( permit_logging == 1 ) |
1165 |
logit("bad value %o for SFTP_UMASK, turning umask control off.", val); |
1166 |
setumask = 0; |
1167 |
} else { |
1168 |
if ( permit_logging == 1 ) |
1169 |
logit("umask control is on."); |
1170 |
setumask = val; |
1171 |
} |
1172 |
|
1173 |
|
1174 |
/* Sensitive client commands */ |
1175 |
|
1176 |
if (!getenv("SFTP_PERMIT_CHMOD") || atoi(getenv("SFTP_PERMIT_CHMOD")) != 1) { |
1177 |
permit_chmod = 0; |
1178 |
if ( permit_logging == 1 ) |
1179 |
logit("client is not permitted to chmod."); |
1180 |
} |
1181 |
if (!getenv("SFTP_PERMIT_CHOWN") || atoi(getenv("SFTP_PERMIT_CHOWN")) != 1) { |
1182 |
permit_chown = 0; |
1183 |
if ( permit_logging == 1 ) |
1184 |
logit("client is not permitted to chown."); |
1185 |
} |
1186 |
|
1048 |
in = dup(STDIN_FILENO); |
1187 |
in = dup(STDIN_FILENO); |
1049 |
out = dup(STDOUT_FILENO); |
1188 |
out = dup(STDOUT_FILENO); |
1050 |
|
1189 |
|
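Review bot: In the transaction-logging block, `atoi(getenv("SFTP_LOG_LEVEL"))` and `atoi(getenv("SFTP_LOG_FACILITY"))` are called without a NULL check, so setting `LOG_SFTP=1` alone passes NULL to `atoi`, which is undefined behaviour and typically crashes the server at start-up. The umask loop also accepts `'8'` and `'9'` as octal digits because its upper bound is `'9'`; it should be `'7'`. All of these policy switches come from the process environment, so whether they actually bind the client depends on who can set that environment in the sshd configuration, which this page does not show. `main` continues outside this hunk; the fence shows only the two rewritten pieces.

```c
	/* Transaction logging */
	if (getenv("LOG_SFTP") && atoi(getenv("LOG_SFTP")) == 1) {
		const char *lvl = getenv("SFTP_LOG_LEVEL");
		const char *fac = getenv("SFTP_LOG_FACILITY");

		permit_logging = 1;
		/* Fall back to fixed values when a variable is unset. */
		log_init("sftp-server",
		    lvl != NULL ? atoi(lvl) : SYSLOG_LEVEL_INFO,
		    fac != NULL ? atoi(fac) : SYSLOG_FACILITY_AUTH, 0);
	}

	/* … unchanged: DEBUG_SFTP_SERVER block and start-up log line … */

	/* Umask control: accept octal digits only */
	umask_env = getenv("SFTP_UMASK");
	while (umask_env && *umask_env && *umask_env >= '0' && *umask_env <= '7')
		val = val * 8 + *umask_env++ - '0';

	/* … unchanged: range check, permit_chmod / permit_chown setup … */
```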
Lines 1087-1092
|
1087 |
len = read(in, buf, sizeof buf); |
1226 |
len = read(in, buf, sizeof buf); |
1088 |
if (len == 0) { |
1227 |
if (len == 0) { |
1089 |
debug("read eof"); |
1228 |
debug("read eof"); |
|
|
1229 |
if ( permit_logging == 1 ) |
1230 |
logit("sftp-server finished."); |
1090 |
exit(0); |
1231 |
exit(0); |
1091 |
} else if (len < 0) { |
1232 |
} else if (len < 0) { |
1092 |
error("read error"); |
1233 |
error("read error"); |